LTE Security How Good Is It?

SESSION ID: TECH-RO3
LTE Security: How Good Is It?
Jeffrey Cichonski, IT Specialist (Security), National Institute of Standards & Technology, @jchonski
Joshua Franklin, IT Specialist (Security), National Institute of Standards & Technology, @thejoshpit

Disclaimer
Certain commercial entities, equipment, or materials may be identified in this presentation in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Objectives
- Discussion of LTE standards
- Description of LTE technology
- Exploration of LTE's protection mechanisms
- Enumeration of threats to LTE
- How good is LTE security?

Context of Research
- The Public Safety Communications Research (PSCR) program is a joint effort between NTIA & NIST, located in Boulder, CO
- PSCR investigates methods to make public safety communications systems interoperable and secure, and to ensure they meet the needs of US public safety personnel
- Researching the applicability of LTE in public safety communications

What is LTE?
- LTE: Long Term Evolution
- Evolutionary step from GSM and UMTS
- 4th generation cellular technology standard from the 3rd Generation Partnership Project (3GPP)
- Deployed worldwide, and installations are rapidly increasing
- LTE is completely packet-switched
- Technology to provide increased data rates

3GPP Standards & Evolution
2G GSM -> 2.5G EDGE -> 3G UMTS -> 3.5G HSPA -> 4G LTE
Note: Simplified for brevity

LTE Technology Overview

The Basics
- A device (UE) connects to a network of base stations (E-UTRAN)
- The E-UTRAN connects to a core network (Core)
- The Core connects to the internet (IP network)

Mobile Device
- User equipment (UE): cellular device containing the following
  - Mobile equipment (ME): the physical cellular device
  - UICC: known as the SIM card; responsible for running the SIM and USIM applications; can store personal info (e.g., contacts) & even play video games!
  - IMEI: equipment identifier
  - IMSI: subscriber identifier

The Evolved Universal Terrestrial Radio Access Network (E-UTRAN)
- eNodeB: radio component of the LTE network
  - Demodulates RF signals & transmits IP packets to the core network
  - Modulates IP packets & transmits RF signals to the UE
- E-UTRAN: mesh network of eNodeBs
- X2 interface: connection between eNodeBs

Evolved Packet Core (EPC)
- Mobility Management Entity (MME): primary signaling node; does not interact with user traffic. Functions include managing & storing UE contexts, creating temporary IDs, sending pages, controlling authentication functions, & selecting the S-GW and P-GWs
- Serving Gateway (S-GW): routes information between the P-GW and the E-UTRAN; carries user plane data; anchors UEs for intra-eNodeB handoffs
- Packet Data Gateway (P-GW): allocates IP addresses and routes packets; interconnects with non-3GPP networks
- Home Subscriber Server (HSS): houses subscriber identifiers and critical security information
Note: Simplified for brevity

LTE Network (network diagram)

Communications Planes
- LTE uses multiple planes of communication
- Different logical planes are multiplexed into the same RF signal
- Routed to different end points

LTE Protocols
TCP/IP sits on top of the cellular protocol stack:
- Radio Resource Control (RRC): transfers NAS messages (AS information may be included), signaling, and ECM
- Packet Data Convergence Protocol (PDCP): header compression, radio encryption
- Radio Link Control (RLC): readies packets to be transferred over the air interface
- Medium Access Control (MAC): multiplexing, QoS

Subscriber Identity (IMSI)
International Mobile Subscriber Identity (IMSI) = MCC | MNC | MSIN, e.g. 310 | 014 | 00000****
- LTE uses a unique ID for every subscriber
- 15-digit number stored on the UICC
- Consists of 3 values: MCC, MNC, and MSIN
- Distinct from the subscriber's phone number
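As an added example (not code from the presentation), here is a small parser for the IMSI layout on the slide, plus a redaction helper that produces the 310 014 00000**** form shown there for logs and screenshots. The MNC length is not encoded in the IMSI itself and varies by country, so the caller supplies it; the sample IMSIs in the comments are constructed values.

```python
"""IMSI parsing and redaction (added example; sample values are constructed)."""


def parse_imsi(imsi: str, mnc_len: int) -> dict:
    """Split a 15-digit IMSI into MCC (3 digits), MNC (2 or 3 digits) and MSIN.

    The MNC length is not self-describing: it depends on the MCC (North American
    networks such as MCC 310 use 3-digit MNCs), so it must come from an MCC/MNC
    table maintained by the caller.
    """
    # str.isdigit() also accepts non-ASCII digits, so check the characters explicitly.
    if len(imsi) != 15 or any(c not in "0123456789" for c in imsi):
        raise ValueError("IMSI must be exactly 15 ASCII digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


def redact_imsi(imsi: str, mnc_len: int, keep: int = 0) -> str:
    """Keep the network part (MCC+MNC) and mask the subscriber part (MSIN).

    `keep` leading MSIN digits may be retained for troubleshooting; the rest
    becomes '*'. keep=5 reproduces the slide's 310 014 00000**** rendering.
    """
    parts = parse_imsi(imsi, mnc_len)
    msin = parts["msin"]
    shown = msin[:keep]
    return f"{parts['mcc']} {parts['mnc']} {shown}{'*' * (len(msin) - len(shown))}"


if __name__ == "__main__":
    # Constructed IMSI: MCC 310, MNC 014, MSIN 000001234.
    print(parse_imsi("310014000001234", mnc_len=3))
    print(redact_imsi("310014000001234", mnc_len=3, keep=5))
```

Because the IMSI is the permanent subscriber identifier (and the tracking target discussed later in the deck), anything that writes it to a log should go through a redaction step like `redact_imsi` rather than storing the full value.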

LTE Security Architecture

LTE Security Architecture
We will explore several LTE defenses:
- SIM cards and UICC tokens
- Device and network authentication
- Air interface protection (Uu)
- Backhaul and network protection (S1-MME, S1-U)
LTE's security architecture is defined by 3GPP's TS 33.401. There are many, many, many references to other standards within.

UICC Token
- Hardware storage location for sensitive information
- Stores the pre-shared key K
- Stores the IMSI
- Limited access to the UICC via a restricted API
- Performs cryptographic operations for authentication
TS 33.401-6.1.1: "Access to E-UTRAN with a 2G SIM or a SIM application on a UICC shall not be granted."

Device & Network Authentication
- Authentication and Key Agreement (AKA) is the protocol used for devices to authenticate with the carrier to gain network access
- The cryptographic keys needed to encrypt calls are generated upon completion of the AKA protocol
3GPP 33.401-6.1.1: "EPS AKA is the authentication and key agreement procedure that shall be used over E-UTRAN."

AKA Packet Capture (capture slide: sending temporary identity, authentication vectors, authentication response)

Cryptographic Key Usage
- K: 128-bit master key, put into the USIM and HSS by the carrier
- CK & IK: 128-bit cipher key and integrity key
- KASME: 256-bit local master key, derived from CK & IK
- KeNB: 256-bit key used to derive additional keys
- NASenc & NASint: 256/128-bit keys protecting NAS
- RRCenc & RRCint: 256/128-bit keys protecting RRC
- UPenc: 256/128-bit key protecting UP traffic
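The two preceding slides (AKA) and this one (key hierarchy) fit together in one added example below; it is illustration code written for this page, not the presenters' code and not a 3GPP implementation. The USIM/HSS functions f1..f5 are toy HMAC stand-ins for MILENAGE, so their outputs are not interoperable with anything real; the KDF layout (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1) and the FC values 0x10, 0x11 and 0x15 follow TS 33.401 Annex A. K, the 3-byte serving network id and the sequence numbers are constructed sample values.

```python
"""EPS AKA exchange and the LTE key hierarchy (added example, constructed values)."""
import hashlib
import hmac
import os


def _f(k, tag, data, n):
    # Toy stand-in for one MILENAGE function: HMAC-SHA-256(K, tag || data), truncated to n bytes.
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _f(k, b"f1", rand + sqn + amf, 8)   # MAC-A (64 bits)
def f2(k, rand):           return _f(k, b"f2", rand, 8)               # RES / XRES
def f3(k, rand):           return _f(k, b"f3", rand, 16)              # CK (128 bits)
def f4(k, rand):           return _f(k, b"f4", rand, 16)              # IK (128 bits)
def f5(k, rand):           return _f(k, b"f5", rand, 6)               # AK (48 bits)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def kdf(key, fc, *params):
    """3GPP KDF (TS 33.401 Annex A.1): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()          # always 256 bits

def derive_kasme(ck, ik, sn_id, sqn_xor_ak):
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)              # 256-bit K_ASME (FC = 0x10)

def derive_kenb(kasme, ul_nas_count):
    return kdf(kasme, 0x11, ul_nas_count.to_bytes(4, "big"))  # 256-bit K_eNB (FC = 0x11)

# Algorithm type distinguishers from TS 33.401 Table A.7-1.
ALG_TYPE = {"NASenc": 0x01, "NASint": 0x02, "RRCenc": 0x03, "RRCint": 0x04, "UPenc": 0x05}

def derive_alg_key(parent, alg_type, alg_id):
    """Algorithm key: 256-bit KDF output, of which 128-bit algorithms use the 128 LSBs."""
    full = kdf(parent, 0x15, bytes([ALG_TYPE[alg_type]]), bytes([alg_id & 0x0F]))
    return full[-16:]


def hss_auth_vector(k, sqn, sn_id, rand=None, amf=b"\x80\x00"):
    """HSS/AuC side: build one EPS authentication vector (RAND, XRES, AUTN, K_ASME)."""
    rand = rand if rand is not None else os.urandom(16)
    ak = f5(k, rand)
    autn = xor(sqn, ak) + amf + f1(k, rand, sqn, amf)        # SQN^AK || AMF || MAC-A
    kasme = derive_kasme(f3(k, rand), f4(k, rand), sn_id, xor(sqn, ak))
    return {"RAND": rand, "XRES": f2(k, rand), "AUTN": autn, "KASME": kasme}

def usim_respond(k, rand, autn, sn_id, last_sqn):
    """UE/USIM side: authenticate the network from AUTN, then answer with RES."""
    ak = f5(k, rand)
    sqn_xor_ak, amf, mac_a = autn[:6], autn[6:8], autn[8:]
    sqn = xor(sqn_xor_ak, ak)
    if not hmac.compare_digest(mac_a, f1(k, rand, sqn, amf)):
        raise ValueError("MAC failure: network not authenticated")
    # Simplified freshness check; a real USIM keeps an SQN window per TS 33.102.
    if int.from_bytes(sqn, "big") <= int.from_bytes(last_sqn, "big"):
        raise ValueError("synchronisation failure: SQN not fresh")
    kasme = derive_kasme(f3(k, rand), f4(k, rand), sn_id, sqn_xor_ak)
    return f2(k, rand), kasme, sqn

def run_eps_aka(k, sn_id, sqn, ue_last_sqn, rand=None):
    """Full exchange: HSS vector -> MME challenge -> USIM response -> MME compares RES/XRES."""
    av = hss_auth_vector(k, sqn, sn_id, rand)
    res, ue_kasme, _ = usim_respond(k, av["RAND"], av["AUTN"], sn_id, ue_last_sqn)
    if not hmac.compare_digest(res, av["XRES"]):
        raise ValueError("RES != XRES: UE not authenticated")
    assert ue_kasme == av["KASME"]   # both ends now share K_ASME; K itself never left USIM/HSS
    return av["KASME"]

def key_hierarchy(kasme, ul_nas_count=0, nas_alg=2, as_alg=2):
    """Everything below K_ASME as the slide lists it (alg id 2 = the AES-based EEA2/EIA2)."""
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KeNB": kenb,
        "NASenc": derive_alg_key(kasme, "NASenc", nas_alg),
        "NASint": derive_alg_key(kasme, "NASint", nas_alg),
        "RRCenc": derive_alg_key(kenb, "RRCenc", as_alg),
        "RRCint": derive_alg_key(kenb, "RRCint", as_alg),
        "UPenc":  derive_alg_key(kenb, "UPenc", as_alg),
    }


if __name__ == "__main__":
    K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed, not a real K
    SN_ID = b"\x13\x40\x10"                                 # constructed 3-byte serving network id
    kasme = run_eps_aka(K, SN_ID, sqn=(32).to_bytes(6, "big"), ue_last_sqn=(31).to_bytes(6, "big"))
    for name, key in key_hierarchy(kasme).items():
        print(f"{name:7s} {len(key) * 8:3d} bits  {key.hex()}")
```

Running it shows the "256/128-bit" point on the slide directly: KeNB comes out of the KDF at 256 bits, while NASenc, NASint, RRCenc, RRCint and UPenc are the low 128 bits of a 256-bit KDF output. The USIM side also shows the two checks that make AKA mutual: the MAC over AUTN authenticates the network, and the SQN freshness check rejects a replayed vector.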

Air Interface Protection
- The connection between the UE and the eNodeB is referred to as the air interface
- 3 algorithms exist to protect the LTE air interface:
  - SNOW 3G: stream cipher designed by Lund University (Sweden)
  - AES: block cipher standardized by NIST (USA)
  - ZUC: stream cipher designed by the Chinese Academy of Sciences (China)
- Each algorithm can be used for confidentiality protection, integrity protection, or both
3GPP 33.401-5.1.3.1: "User plane confidentiality protection shall be done at PDCP layer and is an operator option."

Backhaul Protection
- Confidentiality protection of traffic running over the S1 interface (backhaul)
- Hardware security appliances are used to implement this standard: Security Gateways (SEG)
- IPsec tunnel created between the eNodeB and the SEG
3GPP TS 33.401-13: "NOTE: In case the S1 management plane interfaces are trusted (e.g. physically protected), the use of protection based on IPsec/IKEv2 or equivalent mechanisms is not needed."

Threats to LTE Networks

General Computer Security Threats
Threat: LTE infrastructure runs off of commodity hardware & software. With great commodity comes great responsibility. Susceptible to software and hardware flaws pervasive in any general purpose operating system or application.
Mitigation: Security engineering and a secure system development lifecycle.

Renegotiation Attacks
Threat: Rogue base stations can force a user to downgrade to GSM or UMTS. Significant weaknesses exist in GSM cryptographic algorithms.
Mitigation: Ensure an LTE network connection. Most current mobile devices do not provide the ability to ensure a user's mobile device is connected to an LTE network.
- A "Use LTE only" option is available to the user
- Use a rogue base station detector

Device & Identity Tracking
Threat: The IMEI and IMSI can be intercepted and used to track a phone and/or user. Rogue base stations can perform a MitM attack by forcing UEs to connect to them by transmitting at a high power level. The phone may transmit its IMEI or IMSI while attaching or authenticating.
Mitigation: UEs should use temporary identities and should not transmit permanent identities over unencrypted connections. IMSI-catcher-catcher.

Call Interception
Threat: Renegotiation attacks may also allow MitM attacks to establish an unencrypted connection to a device making a phone call; the attacker may be able to listen to the phone call.
Mitigation: The ciphering indicator feature discussed in 3GPP TS 22.101 would alert the user if calls are made over an unencrypted connection.
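The three mitigations above (notice downgrades away from LTE, avoid sending the permanent identity in the clear, and a ciphering indicator for unencrypted connections) amount to a handful of checks over a device's connection events. The following added example, written for this page and not part of the presentation, runs those checks over a constructed modem event log; the log format is an assumption for the example, not the output of any real modem or "rogue base station detector" product.

```python
"""Defender-side checks over a constructed modem event log (added example)."""
import re

# Constructed sample log. Field layout is invented for this example:
# <timestamp> rat=<LTE|UMTS|GSM> cell=<id> event=<attach|data|call> [id=<GUTI|IMSI>] cipher=<alg> integ=<alg>
SAMPLE_LOG = """\
2016-03-01T10:00:01 rat=LTE cell=0x1A2B event=attach id=GUTI cipher=EEA2 integ=EIA2
2016-03-01T10:00:05 rat=LTE cell=0x1A2B event=data cipher=EEA2 integ=EIA2
2016-03-01T10:01:10 rat=LTE cell=0x7F00 event=attach id=IMSI cipher=EEA0 integ=EIA2
2016-03-01T10:01:12 rat=GSM cell=0x0042 event=attach id=IMSI cipher=A5/0 integ=none
2016-03-01T10:01:15 rat=GSM cell=0x0042 event=call cipher=A5/0 integ=none
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
# "Null" ciphering algorithms: EEA0 (LTE), UEA0 (UMTS), A5/0 (GSM) provide no confidentiality.
NULL_CIPHERS = {"EEA0", "UEA0", "A5/0"}


def parse_line(line):
    """Turn one 'ts key=value key=value' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    return fields


def analyse(log):
    """Return (timestamp, rule, detail) findings for the events that the slides warn about."""
    findings = []
    prev_rat = None
    for raw in log.splitlines():
        ev = parse_line(raw)
        if not ev:
            continue
        ts, rat, cell = ev["ts"], ev.get("rat"), ev.get("cell")
        cipher, event = ev.get("cipher"), ev.get("event")
        # Renegotiation: the device was on LTE and is now on a weaker RAT.
        if prev_rat == "LTE" and rat != "LTE":
            findings.append((ts, "downgrade", f"LTE -> {rat} on cell {cell}"))
        # Identity tracking: permanent identity sent during attach instead of a temporary one.
        if event == "attach" and ev.get("id") == "IMSI":
            findings.append((ts, "permanent-id", f"IMSI sent in attach on {rat} cell {cell}"))
        # Ciphering indicator: confidentiality is off for this connection.
        if cipher in NULL_CIPHERS:
            findings.append((ts, "null-cipher", f"{cipher} in use during {event}"))
        # Call interception: a voice call carried without encryption.
        if event == "call" and cipher in NULL_CIPHERS:
            findings.append((ts, "unencrypted-call", f"call over {cipher} on {rat}"))
        prev_rat = rat
    return findings


if __name__ == "__main__":
    for ts, rule, detail in analyse(SAMPLE_LOG):
        print(f"{ts}  {rule:17s} {detail}")
```

On the sample log the checks fire once for the LTE-to-GSM downgrade, twice for an IMSI sent in the clear, three times for a null cipher and once for the unencrypted call. Real devices do not generally expose these fields to applications, which is exactly the gap the "Use LTE only" setting and the TS 22.101 ciphering indicator are meant to close.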

Jamming UE Radio Interface
Threat: Jamming the LTE radio prevents the phone from successfully transmitting information. Jamming decreases the signal-to-noise ratio by transmitting static and/or noise at high power levels across a given frequency band. Research suggests that, due to the small amount of control signaling in LTE, this attack is possible. Prevents emergency calls.
Mitigation: Unclear. Further research is required, and mitigating this attack may require changes to 3GPP standards.

Attacks Against the Secret Key (K)
Threat: Attackers may be able to steal K from the carrier's HSS/AuC or obtain it from the UICC manufacturer: card manufacturers may keep a database of these keys within their internal network.
Mitigation(s): Physical security measures from the UICC manufacturer; network security measures from the carrier's HSS/AuC.

Physical Base Station Attacks
Threat: The radio equipment and other electronics required to operate a base station may be physically destroyed.
Mitigation: Provide adequate physical security measures such as video surveillance, gates, and various tamper detection mechanisms.

Availability Attacks on eNodeB & Core
Threat: A large number of simultaneous requests may prevent eNodeBs and core network components (e.g., HSS) from functioning properly, for example by simulating large numbers of fake handsets.
Mitigation: Unclear.

Apply What You Learned Today
Following this talk:
- Take notice when you're connected to non-LTE networks (e.g., EDGE, GPRS, UMTS, HSPA, WiFi)
- Understand which protections are offered by LTE and which aren't
- Don't send sensitive information over untrusted or non-LTE networks
- LTE helps mitigate rogue base station attacks

Summary: How Good Is It?
- LTE security is markedly more secure than its predecessors
- Strong security mechanisms are baked in; unfortunately, many of them are optional or may not be on by default, although integrity protection mechanisms are required. Call your friendly neighborhood wireless carrier today.
- Unaddressed threats exist (e.g., jamming); some are outside the purview of the carriers & standards bodies, such as SoC manufacturers
- LTE is always evolving: today's defenses are not etched in stone, and upgrades are in the works via 3GPP Working Groups

Questions?

Selected Acronyms & Abbreviations
3GPP: 3rd Generation Partnership Project
AS: Access Stratum
AuC: Authentication Center
AUTN: Authentication token
CP: Control Plane
EDGE: Enhanced Data Rates for GSM Evolution
eNB / eNodeB: Evolved Node B
EPC: Evolved Packet Core
EPS: Evolved Packet System
E-UTRAN: Evolved Universal Terrestrial Radio Access Network
GPRS: General Packet Radio Service
GSM: Global System for Mobile Communications
GUTI: Globally Unique Temporary UE Identity
HSS: Home Subscriber Server
IMEI: International Mobile Equipment Identifier
IMS: IP Multimedia Subsystem
IMSI: International Mobile Subscriber Identity
K: Secret Key K
LTE: Long Term Evolution
ME: Mobile Equipment
MME: Mobility Management Entity
NAS: Non-Access Stratum
NIST: National Institute of Standards & Technology
PDCP: Packet Data Convergence Protocol
P-GW: Packet Gateway
PHY: Physical
PSCR: Public Safety Communications Research
RAND: Random
RES: Response
RLC: Radio Link Control
RRC: Radio Resource Control
S-GW: Serving Gateway
SQN: Sequence Number
TMSI: Temporary Mobile Subscriber Identity
UE: User Equipment
UICC: Universal Integrated Circuit Card
UMTS: Universal Mobile Telecommunications System
XRES: Expected result

References
- 3GPP TS 33.102: 3G security; Security architecture
- 3GPP TS 22.101: Service aspects; Service principles
- 3GPP TS 33.210: 3G security; Network Domain Security (NDS); IP network layer security
- 3GPP TS 33.401: 3GPP System Architecture Evolution (SAE); Security architecture
- 3GPP TR 33.821: Rationale and track of security decisions in LTE
- D. Forsberg, G. Horn, W.-D. Moeller, and V. Niemi, LTE Security, 2nd ed., John Wiley & Sons, Ltd.: United Kingdom, 2012.
- Pico, Parez, "Attacking 3G", Rooted 2014.
- Prasad, Anand, "3GPP SAE/LTE Security", NIKSUN WWSMC, 2011.
- Schneider, Peter, "How to secure an LTE-network: Just applying the 3GPP security standards and that's it?", Nokia, 2012.